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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 03/03/06 appealing 
from the Office action mailed 08/22/2005. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest 
is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, 
interferences, or judicial proceedings which will directly 
affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the 
brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after 
final rejection contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the 
brief is correct. 
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(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be 
reviewed on appeal is substantially correct. The changes are as 
follows : 

Claims 1-6, 8, 12-17, 19, 23-28, 30, 34-39, and 41 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over 
Godwin et al (US 6505192), further in view of Tuck, III et al 
(US 6763394) and further in view of Apparna et al ("Monitoring 
Ethernet Network activity with NDIS drivers") . 

Claims 7, 18, 29 and 40 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over the modified Godwin, Tuck and Apparna 
system as applied to claims 1, 12, 23, and 34 above, and further 
in view of Kobayashi et al (JP 03164866) . 

Claims 10-11, 21-22, 32-33 and 43-44 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the modified Godwin, 
Tuck and Apparna system as applied to claims 1, 12, 23, and 34 
above, and further in view of Otterness et al (US 6460122) and 
further in view of Ross et al (US 6711562) . 

GROUNDS OF REJECTION NOT ON REVIEW 

The following grounds of rejection have not been withdrawn 
by the examiner, but they are not under review on appeal because 
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they have not been presented for review in the appellant's 
brief . 

The rejection of claims 7, 18, 29 and 40 under the modified 
Godwin, Tuck and Apparna system as applied to claims 1, 12, 23, 
and 34 and further in view of Kobayashi et al (JP 03164866) has 
not been addressed in the Appeal Brief. 

The rejection of claims 10-11, 21-22, 32-33 and 43-44 under 
the modified Godwin, Tuck and Apparna system as applied to 
claims 1, 12, 23, and 34 and further in view of Otterness et al 
(US 6460122) and Ross et al (US 6711562) has not been addressed 
in the Appeal Brief. 

Appellant has withdrawn claims 23-30 and 32-33 from 
consideration in the Appeal. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix 
to the brief is correct. 

(8) Evidence Relied Upon 

US 6,505,192 GODWIN et al. 01-2003 

US 6,763,394 TUCK, III et al . 07-2004 

JP 03164866 KOBAYASHI et al . 07-1991 
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US 6,460,122 



OTTERNESS et al. 



10-2002 



US 6,711,562 



ROSS et al. 



03-2004 



Apparna et al. "Monitoring Ethernet Network activity with 
NDIS drivers, " 22 November 1999, pp. 1-2. 

(9) Grounds of Rejection 

The following ground (s) of rejection are applicable to the 
appealed claims: 

Claims 1-6, 8, 12-17, 19, 23-28, 30, 34-39, and 41 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over 
Godwin et al (US 6505192), further in view of Tuck, III et al 
(US 6763394) and further in view of Apparna et al ("Monitoring 
Ethernet Network activity with NDIS drivers") . 

As per claims 1, 12, 23 and 34, Godwin et al discloses 
receiving a network packet having a corresponding security 
association (SA) ; determining for the packet a key value 
corresponding to the SA; if the packet is an ingress packet 
hashing the key value to determine a location of an entry in an 
ingress lookup table and if the packet is an egress packet 
hashing the key value to determine a location of an entry in an 
egress lookup table the entry in the ingress lookup table and 
the entry in the egress lookup table containing information 
corresponding to the SA; retrieving from the entry an index to a 
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location of the SA in memory; and retrieving the SA from memory 
based on the index (see column 6 line 47 through column 7 line 
10 and lines 25-44) . 

Godwin fails to disclose determining if the packet is an 
ingress packet or an egress packet and the two lookup tables 
being separate. 

However, Tuck teaches such limitations (see column 2 lines 
29-37, column 5 lines 28-38 and claim 19) . 

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use the lookup tables 
of Tuck in the system of Godwin. 

Motivation to do so would have been that using a single 
table would waste a lot of table space (see column 5 lines 28- 
38) . 

The modified Godwin and Tuck system fails to disclose the 
method being performed at a device driver. 

However, Apparna teaches the use of a device driver (see 
page 2) . 

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to perform the method of 
Godwin and Tuck at the device driver of Apparna. 



Application/Control Number: 09/965,579 Page 7 

Art Unit: 2137 

Motivation to do so would have been to be able to 
communicate with the protocol drivers and the operating system 
(see page 2) . 

As per claims 2, 13, 24 and 35, the modified Godwin, Tuck 
and Apparna system discloses receiving a network packet 
comprises the device driver being passed an egress packet from 
an electronic system operating system (see Godwin column 7 lines 
25-44 and Apparna page 2) . 

As per claims 3, 14, 25 and 36, the modified Godwin, Tuck 
and Apparna system discloses receiving a network packet 
comprises the device driver being passed an ingress packet from 
a network interface device (see Godwin column 6 line 47 through 
column 7 line 10 and Apparna page 2) . 

As per claims 4, 15, 26 and 37, the modified Godwin, Tuck 
and Apparna system discloses the key value is a handle created 
for the SA for an egress packet (see Godwin column 7 lines 25-44 
wherein the name is the handle) . 

As per claims 5, 16, 27 and 38, the modified Godwin, Tuck 
and Apparna system discloses the key value is a security 
parameter index (SPI) extracted from the packet for an ingress 
packet (see Godwin column 6 lines 47-67). 
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As per claims 6, 17, 28 and 39, the modified Godwin, Tuck 
and Apparna system discloses the lookup table entry comprises 
the key value and the index (see Godwin column 6 line 47-67) . 

As per claims 8, 19, 30 and 41, the modified Godwin, Tuck 
and Apparna system discloses the location in memory of an SA 
corresponding to egress traffic being in a first table, and the 
location in memory of an SA corresponding to ingress traffic 
being in a second table and the tables being separate (see 
Godwin column 4 lines 18-67 and Tuck column 5 lines 28-38) . 

Claims 7, 18, 29 and 40 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over the modified Godwin, Tuck and Apparna 
system as applied to claims 1, 12, 23, and 34 above, and further 
in view of Kobayashi et al (JP 03164866) . 

As per claims 7, 18, 29 and 40, the modified Godwin, Tuck 
and Apparna system fails to disclose the lookup table entry 
further comprises a counter to track collisions for the entry. 

However, Kobayashi et al teaches such a counter to track 
collisions (see CONSTITUTION) . 

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use Kobayashi et al's 
method of tracking collisions using a counter in the security 
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association method of the modified Godwin, Tuck and Apparna 
system. 

Motivation to do so would have been to allow an output of a 
new address when collisions occur (see CONSTITUTION) . 

Claims 10-11, 21-22, 32-33 and 43-44 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the modified Godwin, 
Tuck and Apparna system as applied to claims 1, 12, 23, and 34 
above, and further in view of Otterness et al (US 6460122) and 
further in view of Ross et al (US 6711562) . 

As per claims 10, 21, 32 and 43, the modified Godwin, Tuck 
and Apparna system fails to disclose supporting a number of 
network traffic streams, wherein the lookup table has 2 N entries 
where N is an integer, 2 N being the lowest binary number greater 
than five times the number of network traffic streams supported. 

However, Otterness et al teaches a lookup table of size 2 N 
(see column 17 Tables III and IV) and Ross et al teaches the 
size of the table being five times the number of raw data (see 
column 15 lines 1-22) . 

At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to use the table size of 
Otterness et al in the modified Godwin, Tuck and Apparna system 
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and to use the more specific table size of Ross et al in the 
modified Godwin, Tuck, Apparna and Otterness et al system. 

Motivation to do so would have been that it is advantageous 
to have a table size of 2 N (see Table III) and that table sizes 
are typically 20% (or five times) the size of the raw data (see 
Ross et al column 15 lines 1-22) . 

As per claims 11, 22, 33 and 44, the modified Godwin, Tuck, 
Apparna, Otterness et al, and Ross et al system discloses the 
key value is determined by using a bit-wise AND hash function 
with a mask of value 2 N -1, where N is an integer, wherein the 
hash table contains 2 N entries (see Otterness et al column 17 
Table III and IV) . 

(10) Response to Argument 

Appellant argues that Tuck discloses ingress and egress 
pass/drop lookups being made separately is made only in 
reference to a network router, and has no application to packets 
received at a device driver. The Examiner respectfully 
disagrees because Appellant argues the references separately, 
not the combination. Furthermore, each of the Godwin (see column 
5 lines 34-38) and Tuck (see column 2 lines 28-37) references 
teach the packet processing to be performed by software and the 
device driver taught as by Apparna is merely a type of software. 
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Apparna teaches the benefit of using a device driver, which is 
to enable communication between a network interface card and 
protocol drivers and the operating system (see Apparna page 2) . 

Appellant also argues that Tuck merely relates to the 
lookup of rules and not the lookup of security associations and 
therefore is inapplicable to the problem resolved by the claimed 
invention. The Examiner respectfully disagrees because both 
Tuck and the claimed invention are directed to the use of 
separate ingress and egress lookup tables, therefore Tuck is 
applicable to the problem being solved. Furthermore, the 
security associations of Godwin have rules associated with each 
security association. These rules direct the node to either 
deny a packet (i.e. drop a packet), permit the packet with or 
without IPsec processing (i.e. pass the packet) (see Godwin 
column 2 lines 34-38 and lines 59-66) . Therefore, since the 
security associations of the Godwin system are associated with 
rules, when modified by the teaching of Tuck to have ingress and 
egress rules in separate lookup tables, the system has separate 
ingress and egress lookup tables for security associations. 

Appellant further argues that Tuck teaches away from 
combining the references because the motivation provided in Tuck 
is different from that provided by Appellant's specification. 
With respect to this difference, the fact that Appellant has 
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recognized another advantage which would flow naturally from 
following the suggestion of the prior art cannot be the basis 
for patentability when the differences would otherwise be 
obvious. See Ex parte Obiaya, 227 USPQ 58, 60 (Bd. Pat. App. & 
Inter. 1985). Furthermore, Tuck provides an explanation of why 
the use of a single would take up more space, "because rules are 
often independent, combining the rules in a single table 
requires multiplying them to generate all combinations" (see 
column 5 lines 28-30) . 

Appellant argues that there is no mention within Apparna 
regarding how to process packets, the use of security 
associations and/or the storing of security associations in 
tables and therefore no reason exists that would suggest using a 
device driver to implement the method of Godwin or Tuck. With 
respect to this argument, each of the Godwin (see column 5 lines 
34-38) and Tuck (see column 2 lines 28-37) references teach the 
packet processing to be performed by software and the device 
driver taught by Apparna is merely a type of software. Apparna 
teaches the benefit of using a device driver, which is to enable 
communication between a network interface card .and protocol 
drivers and the operating system (see Apparna page 2) . 
Furthermore, Appellant's specification (see paragraph 3) teaches 
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the use of the miniport driver for managing security 
associations. The miniport driver is used in a NDIS environment 
and Apparna is an overview of NDIS. 

(11) Related Proceeding (s) Appendix 

No decision rendered by a court or the Board is identified 
by the examiner in the Related Appeals and Interferences section 
of this examiner's answer. 

For the above reasons, it is believed that the rejections 
should be sustained. 

Respectfully submitted, 
Michael J. Pyzocha frff 




May 2, 2006 
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